1. Technical Field
The present invention relates to the field of cloud computing, and more particularly, to security issues in cloud computing.
2. Discussion of Related Art
The following documents illustrate known methods and systems for encrypting data inside cloud computing systems. The patent documents and solutions that are listed below are incorporated herein by reference in their entirety.
U.S. Pat. No. 7,277,941 discloses a method for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk.
U.S. Pat. No. 6,751,735 discloses an apparatus and method that provide a controlled, dynamically loaded, modular cryptographic implementation for integrating flexible policy implementations, policy engines, and the like, into a base executable having at least one slot. The base executable may rely on an integrated loader to control the loading and linking of fillers and submodules. A policy module may be included for use in limiting each module's function, access, and potential for modification or substitution. The policy may be implemented organically within a manager layer, or may be modularized further in an underlying engine layer as an independent policy, or as a policy created by a policy engine existing in the engine layer. The policy module is subordinate to the manager module in the manager layer in that the manager module calls the policy module when the manager module needs it. The policy module is preferably dynamically linkable, providing flexibility, and is layered deeper within the filler module than the manager module.
Furthermore, several commercial systems are provided in this field, including the following. Navajo Systems (www.navajosystems.com) discloses a technology based on a proxy server that is installed between the end user's browser and the SaaS application server, either as an appliance on the enterprise LAN/WAN or as a cloud-based service; this solution is applied to some cloud systems as well. S3 Backup (www.maluke.com/software/s3-backup) is a fail-safe, encrypted online backup solution used for backing up data to the Amazon S3 cloud. Dropbox (www.dropbox.com) uses the cloud as an FTP server, with an option to encrypt data in the Dropbox client. Check Point Ltd. File Encryption allows transparent file encryption "on the fly" on local disks and removable media while keeping the encryption key on an Encryption Server.
US Patent No. 20110276806 discloses methods and systems for receiving a request for a virtual disk and creating a virtual disk that includes the virtual disk attributes identified in the request or determined by an organization's security policies. The created virtual disk can then be encrypted and in some aspects, an encryption key for the encrypted virtual disk can be stored in an encryption key database. Upon creating and encrypting the virtual disk, the virtual disk can be transmitted to a client. The client, upon receiving the encrypted virtual disk, can mount the virtual disk into the client system. The encrypted virtual disk may be stored as a file within an unencrypted virtual disk, and the unencrypted virtual disk backed up to a local or remote storage location.
US Patent No. 20110271279 discloses a secure virtual machine approach to securely distributing and running virtual machines. This approach addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a file system driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a secure virtual machine package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment.